Wow, that's all it was; it was so confusing the way the documents explain it. This is by far the best explanation on AMP I have seen to date, thank you.
@rickysandhu3916, 5 years ago
This is the best explanation of the entire AMP process I've seen. Finally the concept is now clear. Never had a clear understanding of how all the pieces fit in together until now. Thank you!
@baburali428, 2 years ago
This is the best ever and simple explanation of the entire AMP process. Now the AMP concept is clear. Thank you!
@rajakaruppasamy4559, 5 years ago
Excellent video! Simple but very clear on the concepts!!! Thanks, Brian!
@gasha.1, 6 years ago
Amazing video!! Clear concept! Thank you, Brian :)
@sidss007, 1 year ago
What an amazing video !!! Best explanation of AMP.
@binou3655, 6 years ago
Simple and very nice presentation. Thank you, Brian :)
@asaman1974, 4 years ago
Excellent explanation
@N1kRolexx, 4 years ago
Where can I find such a blackboard?)
@logicfirst7959, 7 years ago
Isn't it counterintuitive to use 2-step verification to improve upon file disposition? What information does Threat Grid have that the AMP database doesn't that qualifies for an improved disposition on that file? If Threat Grid has this sort of advanced disposition feature, it should be in sync with AMP Cloud at all times to display the correct disposition on the first attempt. Secondly, on the Firepower Access Control policy's advanced section (Files and Malware Settings), the default is "Allow file if cloud lookup for Block Malware takes longer than (2) seconds". What if this entire process is taking longer than 2 seconds? The file is allowed.
@jdwegner, 7 years ago
Threat Grid is a sandboxed VM that opens/runs the file in question, examining the _behaviors_ and returning a threat score. AMP cloud is simply a lookup in a database of previously encountered files. TG can detect zero-days; the basic AMP database cannot. TG is invoked only if AMP returns a disposition of "unknown."
@NeuroScientician, 7 years ago
is he writing it all backward/reversed on a glass?
@IvanRadevRadev, 7 years ago
He writes it properly, then the editor flips the video and it looks right to us.
@cryptobox128, 7 years ago
Yes. I am actually right-handed in real life!
@brock7147, 5 years ago
@@cryptobox128 So you did write it all backwards in realtime?
@cryptobox128, 5 years ago
@brock7147 No, I wrote it normally and they mirror-imaged it in software. I'm not left-handed. (Hat tip to any Princess Bride fans out there...)
@bigmacdoubleyouv, 5 years ago
This was my first thought upon seeing this video.
@minhat5182, 1 year ago
So, does AMP use SSL inspection for detecting threats, sir? Or is it 100% through the AMP cloud? Regards.
@CiscoSystems, 1 year ago
AMP does not use SSL inspection for detecting threats. Instead, it focuses on file inspection and analysis, leveraging various techniques such as machine learning, behavioral analysis, and cloud-based threat intelligence. We hope this information helps!
@imranhaider8876, 6 years ago
A 480P video in 2016, really Cisco?
@happosade, 6 years ago
Maybe they ran out of bandwidth.
@pja8901, 5 years ago
If this is running on Firepower or ESA, how would AMP handle the encrypted data? Would we need to run HTTPS inspection in the middle for example?
@CiscoSystems, 5 years ago
Please visit the Cisco Community for a discussion about AMP running on Firepower and HTTPS/encryption: community.cisco.com/t5/firepower/amp-and-amp-for-endpoint-differences-and-https-encryption/td-p/3016371
@MrTheAlexy, 6 years ago
And how does TG give the scores? The piece of code is either malicious or not; giving a score pushes us to an assumption based on probability. What if TG is wrong?
@CiscoSystems, 6 years ago
Cisco Threat Grid has a robust and intelligent dynamic analysis engine. The mechanisms it uses to detect malware are constantly updated with the latest threat data, to provide the most accurate results possible. Threat Grid will always provide a complete report for you to review if a decision needs to be changed (can return from quarantine in the AMP console). Threat Grid and AMP also have built in guard rails to prevent conviction of system files that could score poorly based on their behavior.
@n1cktion, 6 years ago
What is the point of the SHA-256 encryption?
@CiscoSystems, 6 years ago
Hi Nicholas. SHA-256 is a one-way cryptographic hash by definition. All communications between endpoints and the cloud are always encrypted because, in certain cases, potentially sensitive data (such as file name and parent process) can be sent along with a SHA-256. It is not just the SHA-256 that is encrypted; it is all of the data.
@n1cktion, 6 years ago
Understood, thank you. After using the AMP dashboard further, it's clearer as to why now as well. I appreciate the response!
@AnkurSingh-mq4qf, 5 years ago
Does every file I have downloaded or copied from any source get submitted to AMP, and does AMP TG hold the whole content of the file?
@CiscoSystems, 5 years ago
Hi Ankur. AMP will calculate a SHA-256 on every file; this is a single hash value that cannot be used to reconstruct the file. Only files that are suspect (and configured to) will be uploaded in their entirety to Threat Grid Cloud for analysis. There are also settings to make sure files that do get submitted are done so "privately", so the contents and result of the dynamic analysis are only accessible by your organization.
@qamarislam1851, 7 years ago
Hi Brian, thanks for the information. If we have the private cloud on premises and also the Cisco Threat Grid Appliance on premises, and the endpoint is at home and downloads a malicious file at home, then how does it work with the private cloud? Does the endpoint send the file SHA-256 to the on-premises private cloud, or what happens?
@cryptobox128, 7 years ago
With AMP Private Cloud and remote/mobile endpoints, you would have to ensure that the endpoint is able to reach the AMP PC server (TCP port 443). That will enable the AMP file reputation lookups, policy, retrospective events, etc. For the on-prem Threat Grid appliance, the case is actually easier, because the sample file is not sent directly from the endpoint to TG. Instead, AMP does a "file fetch" operation into the (public or private) cloud, and so you just need to make sure that your AMP PC and your TG can communicate locally.
@rccypher, 7 years ago
This response is accurate. However, it is also important to note that the AMP Private Cloud must be configured to use FQDNs that are resolvable both on the internet and on the intranet. This can be accomplished via split-DNS or DNS zones. However, just opening TCP 443 without properly configuring DNS will not work.
@logicfirst7959, 7 years ago
Qamar, the home user is authenticated on the firewall using passive or active authentication methods on the firewall. From there, the firewall handles the file operations based on the file blocking profile. Hope it answers the question.
@josegavalos8255, 6 years ago
What does AMP do if the threat score of the unknown file is 94? 94 is still very high.
@CiscoSystems, 6 years ago
Hi Jose. Cisco AMP will only auto quarantine a score of 95 or higher, a score of 94 will be logged and you will be able to review the report and make a decision to quarantine or not.
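A toy model of the flow described in jdwegner's answer above (reputation lookup on the SHA-256 first, dynamic analysis only for an "unknown" disposition) and in Cisco's replies about hashing every file and auto-quarantining only at a score of 95 or higher. This is an added example, not Cisco's code and not from the video: the reputation table, the behaviour weights, the sandbox scoring rule and the sample files are all constructed for the example, and a real Threat Grid score comes from executing the file and observing what it does, not from matching strings in its bytes.

```python
"""
Toy AMP-style file disposition flow (added example, not Cisco code).

1. Hash the file with SHA-256 (the file content itself is NOT sent for this step).
2. Look the hash up in a reputation table: clean / malicious / unknown.
3. Only an "unknown" file is submitted to a sandbox stand-in, which returns a
   0-100 threat score.
4. Score >= 95 -> auto-quarantine; lower scores are allowed and logged for review.
5. A retrospective pass re-checks hashes of previously allowed files after the
   reputation table changes.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Optional

AUTO_QUARANTINE_THRESHOLD = 95  # threshold stated in Cisco's reply above


def sha256_hex(data: bytes) -> str:
    """One-way hash; the hex digest cannot be used to rebuild the file."""
    return hashlib.sha256(data).hexdigest()


# Constructed "behaviours" and weights for the sandbox stand-in (assumption:
# a real sandbox observes these at runtime instead of scanning for strings).
RUN_KEY = b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
BEHAVIOUR_WEIGHTS = {
    b"CreateRemoteThread": 40,       # code injection into another process
    b"vssadmin delete shadows": 60,  # shadow-copy deletion, typical of ransomware
    RUN_KEY: 34,                     # persistence via a Run key
    b"http://": 10,                  # outbound callback
}

# Constructed sample files (fake PE headers followed by marker text).
SAMPLE_CLEAN = b"MZ\x90\x00 legit-installer-v1"
SAMPLE_KNOWN_BAD = b"MZ\x90\x00 known-dropper-1337"
SAMPLE_SCORE_94 = b"MZ\x90\x00 vssadmin delete shadows " + RUN_KEY
SAMPLE_SCORE_100 = (b"MZ\x90\x00 CreateRemoteThread vssadmin delete shadows "
                    + RUN_KEY + b" http://c2.example")

# Constructed reputation "cloud": hash -> disposition. Anything absent is unknown.
REPUTATION = {
    sha256_hex(SAMPLE_CLEAN): "clean",
    sha256_hex(SAMPLE_KNOWN_BAD): "malicious",
}


def cloud_lookup(digest: str) -> str:
    """File reputation lookup keyed by SHA-256 only."""
    return REPUTATION.get(digest, "unknown")


def sandbox_score(data: bytes) -> int:
    """Sandbox stand-in: sums weights of observed behaviours, capped at 100."""
    score = sum(w for marker, w in BEHAVIOUR_WEIGHTS.items() if marker in data)
    return min(score, 100)


@dataclass
class Verdict:
    sha256: str
    disposition: str      # clean / malicious / unknown
    score: Optional[int]  # None when no dynamic analysis was run
    action: str           # allow / quarantine / allow+log


def dispose(data: bytes, submit_unknown: bool = True) -> Verdict:
    """Full flow for one file. submit_unknown=False models a policy that does
    not upload unknown files for dynamic analysis."""
    digest = sha256_hex(data)
    disposition = cloud_lookup(digest)
    if disposition == "malicious":
        return Verdict(digest, disposition, None, "quarantine")
    if disposition == "clean" or not submit_unknown:
        return Verdict(digest, disposition, None, "allow")
    # Unknown: only now is the file content itself sent for dynamic analysis.
    score = sandbox_score(data)
    if score >= AUTO_QUARANTINE_THRESHOLD:
        return Verdict(digest, "malicious", score, "quarantine")
    return Verdict(digest, "unknown", score, "allow+log")


def retrospective(events: List[Verdict]) -> List[str]:
    """Return hashes of previously allowed files that the cloud now calls
    malicious (the situation AMP reports as a retrospective event)."""
    return [v.sha256 for v in events
            if v.action != "quarantine" and cloud_lookup(v.sha256) == "malicious"]


if __name__ == "__main__":
    seen = []
    for sample in (SAMPLE_CLEAN, SAMPLE_KNOWN_BAD, SAMPLE_SCORE_94, SAMPLE_SCORE_100):
        v = dispose(sample)
        seen.append(v)
        print(f"{v.sha256[:12]}... {v.disposition:9} score={v.score} -> {v.action}")
    # Later the cloud learns the 94-point file is bad: retrospection flags it.
    REPUTATION[seen[2].sha256] = "malicious"
    print("retrospective hits:", [h[:12] for h in retrospective(seen)])
```

The point of the 94/95 boundary is visible in `dispose`: the 94-point sample is allowed and logged, the 100-point sample is quarantined, and only the unknown files ever have their content passed to `sandbox_score`. The `submit_unknown=False` path shows what happens when the policy does not upload unknowns: the file is allowed on hash reputation alone and nothing is learned about it until a later retrospective pass.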
@arian7472, 5 years ago
OK, good.
@secretboys1906, 4 years ago
AMP sucks! I have to go around my company with the free version of malwarebytes because my company wasted thousands of dollars on this stupid endpoint solution.
@CiscoSystems, 4 years ago
We're sorry to hear about this, and will share your feedback directly with the team. Please also reach out to us via TAC@cisco.com for support. Thank you.